commit 8c527d0be840f91a4158cdc4974046bf38e868cf
author Ronald Cron <ronald.cron@arm.com> Tue Mar 07 15:47:47 2023 +0100
committer Ronald Cron <ronald.cron@arm.com> Thu Apr 06 10:26:18 2023 +0200
tree 721cfe373602b338970d1242c7f6ffee13609906
parent 2f16b4ec6604fcda0556a07fc8d7381481c55f8b

tls13: srv: Parse supported versions extension early

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 9a706b1..61d88ea 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1249,6 +1249,8 @@
     const unsigned char *cipher_suites_end;
     size_t extensions_len;
     const unsigned char *extensions_end;
+    const unsigned char *supported_versions_ext;
+    const unsigned char *supported_versions_ext_end;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
     int hrr_required = 0;
 
@@ -1343,10 +1345,41 @@
      * extensions_len                               2 bytes
      */
     MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cipher_suites_len + 2 + 2);
-    cipher_suites_end = p + cipher_suites_len;
+    p += cipher_suites_len;
+    cipher_suites_end = p;
 
     /*
-     * Only support TLS 1.3 currently, temporarily set the version.
+     * Search for the supported versions extension and parse it to determine
+     * if the client supports TLS 1.3.
+     */
+    ret = mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts(
+        ssl, p + 2, end,
+        &supported_versions_ext, &supported_versions_ext_end);
+    if (ret < 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              ("mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts"), ret);
+        return ret;
+    }
+
+    if (ret == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("TLS 1.3 is not supported by the client"));
+
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
+                                     MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION);
+        return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
+    }
+
+    ret = ssl_tls13_parse_supported_versions_ext(ssl,
+                                                 supported_versions_ext,
+                                                 supported_versions_ext_end);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              ("ssl_tls13_parse_supported_versions_ext"), ret);
+        return ret;
+    }
+
+    /*
+     * We negotiate TLS 1.3.
      */
     ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
 
@@ -1539,15 +1572,7 @@
 #endif /* PSA_WANT_ALG_ECDH */
 
             case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
-                MBEDTLS_SSL_DEBUG_MSG(3, ("found supported versions extension"));
-
-                ret = ssl_tls13_parse_supported_versions_ext(
-                    ssl, p, extension_data_end);
-                if (ret != 0) {
-                    MBEDTLS_SSL_DEBUG_RET(1,
-                                          ("ssl_tls13_parse_supported_versions_ext"), ret);
-                    return ret;
-                }
+                /* Already parsed */
                 break;
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)